This makes it technically fairly straightforward to take advantage of
the CAF Login Exception.

In the resulting website the source download link is only present on
the login page unless the application also provides such a link, but
that link is functional after logging in and can easily be used by
bookmarking the url or using multiple browser tabs.